On Sun, 08 Dec 2002 17:02:44 MST, Vernon Schryver <vjs@calcite.rhyolite.com> said: > Is the goal to block spam? If so, what do you do about third case of > senders that don't participate with either #1 or #2? For the first > years, most of the 10,000,000s of legitimate SMTP clients (sending > mail servers) will do neither #1 or #2, because their operators will > not have heard about it. The bootstrap problem will exist no matter what scheme we decide on. The point I was addressing was that there's been two major classes of scheme proposed so far, with interesting characteristics: at least for my user community, each class (local computation and DNS) of proposal will work very nicely for one subset of my users, and create major hassles for the complementary subset. However, the partitions created by each scheme are quite complementary, so although I can't support a "be registered in DNS" solution because it will not cover my desktop/roaming users, and I can't support a "use resources" solution because it breaks my large servers, I *can* support a "either A or B" scheme, as I have essentially no systems that couldn't do either one (at least in theory, assuming software is available). > Moore's law causes a bunch of problems for the computing idea. There > is at at least a factor of 100 in CPU speeds of current hosts. How > do you ensure that the fastest commodity CPU that a spammer might use > is forced to slow down more than the limit already imposed by network > bottlenecks without making old systems useless? I'm still pondering that one. ;) It may not be as big of a problem as we think. Rough back-of-envelope calculations now: Let's say we assume a function X designed to take 10 seconds of CPU on my laptop (which has a 1.6Gz P-4 in it) to limit it to 8K messages/day. Now, this same function will take around 2 minutes on a 133mz processor and be restricted to 800 mails/day. And yes, a spammer with a 100-node Beowolf could still send 800K mails/day, but the cost of the cluster changes the economics considerably. Now how many people are still using a 133 system to do that much outbound mail themselves (and *NOT* just relaying all outbound mail to a smarthost)? And even *MORE* to the point, what are the chances that a system that old will be upgraded software-wise to support a scheme, even if it takes zero additional CPU? I strongly suspect that the *big* issue in getting said box to play nice won't be the CPU, it will be trying to find a way to upgrade whatever creeping-horror bletchware mailer they're using on Windows 3.1 ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
pgp00165.pgp
Description: PGP signature